Securing the open source supply chain across GitHub

Over the past year, a new pattern has emerged in attacks on the open source supply chain. Attackers are focusing on exfiltrating secrets like API keys in order to both publish malicious packages from an attacker-controlled machine as well as gain access to more projects in order to propagate the...

Understand your software’s supply chain with GitHub’s dependency graph

What if you could spot the weakest link in your software supply chain before it breaks? With GitHub's dependency graph, you can. By providing a clear, complete view of the external packages your code depends on, both directly and indirectly, it allows you to understand, secure, and manage your...

GHSA-CVP7-C586-CMF4 Withdrawn: Code Injection in loguru

Withdrawn This advisory has been withdrawn after the maintainers of loguru noted this issue is not a security vulnerability and the CVE has been revoked. We have stopped Dependabot alerts regarding this issue. Original Description In versions of loguru up to and including 0.5.3 a lack of...